logstash能否自动识别日志中的KV对并对其进行解析
Logstash可以自动识别日志中的KV对,并像splunk那样解析它们 实际上,我编写了一个GROK过滤器来解析字段,并定义了一个KV过滤器,以便解析出额外的字段。但是有些日志是如此随机,以至于它们与我的GROK不匹配,从这些日志中,我必须将KV对解析为字段 我写了一篇文章:logstash能否自动识别日志中的KV对并对其进行解析,logstash,logstash-grok,Logstash,Logstash Grok,Logstash可以自动识别日志中的KV对,并像splunk那样解析它们 实际上,我编写了一个GROK过滤器来解析字段,并定义了一个KV过滤器,以便解析出额外的字段。但是有些日志是如此随机,以至于它们与我的GROK不匹配,从这些日志中,我必须将KV对解析为字段 我写了一篇文章: %{MONTHDAY} %{MONTH} %{YEAR} %{TIME},%{NUMBER:duration} %{WORD:loglevel}%{SPACE}%{WORD:Activity} \[\{%{DATA:fo
%{MONTHDAY} %{MONTH} %{YEAR} %{TIME},%{NUMBER:duration} %{WORD:loglevel}%{SPACE}%{WORD:Activity} \[\{%{DATA:foo1}\}\]: %{GREEDYDATA:foo2}
[%t] 08 Aug 2017 18:55:38,179 INFO ApiConsumer [{applicationSystemCode=monicapp-app, clientIP=10.x.x.x, clusterId=Cluster-Id-NA, containerId=Container-Id-NA, correlationId=205c2806-2f97-f42f-00f5-9a43aafb9eb3, domainName=defaultDomain, hostName=10.x.x.x.domain.com, messageId=10.202.100.34-4041d41d-75f3-4282-9aab-dd1ab17ecdf3, userId=ANONYMOUS, webAnalyticsCorrelationId=B347BC083EB9DCE4ED5005506F1F1E63|}]: Accept="applications/json; v=1.0" Api-key="272df4bd-cb92-467e-b20b-4059e235b68e" Client-Correlation-Id="205c2806-2f97-f42f-00f5-9a43aafb9eb3" Content-Type="application/json" URL="https://mus.domain.com/private/appm/details-search"
[%t] 08 Aug 2017 18:55:38,203 INFO ApiConsumer [{applicationSystemCode=monicapp-app, clientIP=10.x.x.x, clusterId=Cluster-Id-NA, containerId=Container-Id-NA, correlationId=205c2806-2f97-f42f-00f5-9a43aafb9eb3, domainName=defaultDomain, hostName=ip-x-x-x.domain.com, messageId=10.x.x.34-4041d41d-75f3-4282-9aab-dd1ab17ecdf3, userId=ANONYMOUS, webAnalyticsCorrelationId=B347BC083EB9DCE4ED5005506F1F1E63|}]: KpiMetric="Cta" TransactionName="ApplicationDetail" TransactionStatus="Success" User="Associate(firstName=mike, lastName=daniel, role=Consultant, email=mike.daniel@domain.com, electronicId=mkd)"
User=“Associate(firstName=mike,lastName=daniel,role=Consultant,email=mike)中的字段。daniel@domain.com,electronicId=mkd)“有什么想法吗?你必须这样做: